[Freeipa-users] Migration from FreeIPA 1.2.1 to 2
Dan Scott
danieljamesscott at gmail.com
Wed Jun 1 00:28:52 UTC 2011
Done:
https://fedorahosted.org/freeipa/ticket/1266
Dan
On Tue, May 31, 2011 at 18:26, Dmitri Pal <dpal at redhat.com> wrote:
> On 05/31/2011 06:02 PM, Dan Scott wrote:
>> Hi,
>>
>> Thanks for all the replies.
>>
>> On Wed, May 25, 2011 at 18:13, Rob Crittenden <rcritten at redhat.com> wrote:
>>>> I have a FreeIPA 1.2.1 system (1 master and 1 replica server) running
>>>> on Fedora 14. I'd like to migrate to FreeIPA 2, now that Fedora 15 has
>>>> been released. But I have a few questions:
>>>>
>>>> 1. Can Fedora 15 clients authenticate against my FreeIPA 1 servers?
>>> Yes but you would have to configure it yourself. sssd would work nicely with
>>> an ldap/krb5 configuration.
>> I've set up a Fedora 15 VM and have successfully configured it to
>> authenticate against my FreeIPA 1 servers, so this is good. One small
>> problem was that I couldn't get passwordless ssh logins *to* the F15
>> system working. I created and installed a host keytab, same as for all
>> the other systems, but no luck. I was able to ssh *from* the F15
>> system without a password however. Any ideas?
>>
>>>> 3. Can I migrate the servers from FreeIPA 1 to 2 (presumably requiring
>>>> an upgrade from Fedora 14 to 15 along the way).
>>> You cannot do a straight upgrade, too much changed between the two versions.
>>> You should be able to migrate the users and groups using the v2 migration
>>> system. This will maintain your user passwords at least. You would need to
>>> generate new principals and keytabs for your kerberized services.
>> I've setup a Fedora 15 VM and installed the FreeIPA server. I ran the
>> ipa migrate-ds command provided in the documentation. All of the user
>> groups were migrated successfully, but none of the users were migrated
>> due to 'unknown object class "radiusprofile"' errors.
>>
>> I've seen this post here:
>>
>> https://www.redhat.com/archives/freeipa-users/2011-May/msg00282.html
>>
>> but I wanted to add that I don't use any of the radius functionality
>> and my FreeIPA v1 installation is pretty standard, so other users
>> might run into this. I didn't find a bug report, but can file one if
>> needed?
>>
>
> Yes please: https://fedorahosted.org/freeipa/
>
>> Thanks,
>>
>> Dan
>>
>> _______________________________________________
>> Freeipa-users mailing list
>> Freeipa-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>
>>
>
>
> --
> Thank you,
> Dmitri Pal
>
> Sr. Engineering Manager IPA project,
> Red Hat Inc.
>
>
> -------------------------------
> Looking to carve out IT costs?
> www.redhat.com/carveoutcosts/
>
>
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users
>
More information about the Freeipa-users
mailing list